>The release notes for 0.86.2 say:
>
>"Changes in this release include fixes for three possible integer
>overflows in libclamav"

Simply assuming that a single-line changelog entry is sufficient
acknowledgement of a published vulnerability is dangerous. Such
assumptions are frequently wrong. (However, in this case, Alex
Wheeler is credited in the more detailed changelog in the release
notes).